plain source -> encrypted destination: rsync + gpg
ml at nzl.com.ar
Thu Jun 26 16:38:37 EST 2003
We want to keep a backup or a mirror of your files in a server we don't
fully trust. You can have an encrypted FS on a file, and copy the
complete FS to the untrusted server, but it is inefficient, and you get
no granularity at all.
In our case, the remote server runs amanda, and we want to use amanda's
power to restore files selectively -- yet don't give away our privacy.
(We are, in fact, the administrators, not the end users, and we are
trying to offer good quality backups with good privacy).
Rsync seems to come quite close -- so close that I am tempted to write a
shell script. The implementation I am thinking of is quite inelegant:
keep a "shadow" copy of the source files (encrypted using pgp), rsync
the shadow directory and the destination.
Are there ways to hook into rsync and preprocess the file before it is
checksummed and sent over? Are there other alternatives? (hopefully
more elegant than maintaining a shadow copy of all the files!).
There's an "GPG and Rsync" thread describing almost exactly what we want
And also rsync-backup seems to be almost there -- but things seem to be
happening at the server end.
More information about the rsync